/**
 * Copyright (c) 2011-2016, zzcmkj.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package net.cmkj.mine.interceptor;

import java.io.PrintWriter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.jfinal.aop.Interceptor;
import com.jfinal.aop.Invocation;
import com.jfinal.core.Controller;
import com.jfinal.kit.StrKit;

import net.cmkj.mine.bean.SysUser;
import net.cmkj.mine.common.anno.Logical;
import net.cmkj.mine.common.anno.RequiresPermissions;
import net.cmkj.mine.util.IWebUtils;

/**
 * 权限拦截器
 * 
 * @author zzcmkj
 *
 */
public class AuthorityInterceptor implements Interceptor {

	public void intercept(Invocation inv) {
		RequiresPermissions requiresPermissions = inv.getMethod().getAnnotation(RequiresPermissions.class);
		boolean hasPermissions = true;
		if (requiresPermissions == null) {
			requiresPermissions = inv.getController().getClass().getAnnotation(RequiresPermissions.class);
		}
		if (requiresPermissions != null) {
			try {
				SysUser sysUser = IWebUtils.getCurrentSysUser(inv.getController().getRequest());
				if (sysUser == null) {// 没有登陆
					hasPermissions = false;
					Controller ctrl = inv.getController();
					try {
						HttpServletRequest request = ctrl.getRequest();
						HttpServletResponse response = ctrl.getResponse();
						request.setCharacterEncoding("utf-8");
						response.setCharacterEncoding("utf-8");
						response.setContentType("text/html;charset=utf-8");
						StringBuffer login = new StringBuffer();
						login.append("<script type=\"text/javascript\" charset=\"UTF-8\">");
						login.append("alert(\"页面过期，请重新登录\");");
						login.append("window.top.location.href=\"");
						String redirectPath = "";
						if (StrKit.notBlank(inv.getActionKey()) && !inv.getActionKey().equals("/")) {
							redirectPath = "/sys_admin/login?url=" + inv.getActionKey();
						} else {
							redirectPath = "/sys_admin/login";
						}
						login.append(request.getContextPath() + redirectPath + "\";</script>");
						PrintWriter out = response.getWriter();
						out.print(login);
						out.close();
						ctrl.renderNull();
					} catch (Exception e) {
						e.printStackTrace();
					}
				} else {
					// 判断是否有该资源的访问权限
					String[] values = requiresPermissions.value();
					if (values.length == 1) {
						if (StrKit.isBlank(values[0])) {
							values[0] = inv.getActionKey();
						}
						/*
						 * if(!sysUser.getPermissionSets().contains(values[0])&&!sysUser.isAdmin()){
						 * hasPermissions=false; inv.getController().renderJson("没有权限"); }
						 */
					} else {
						if (requiresPermissions.logical().equals(Logical.AND)) {
							for (String value : values) {
								if (!sysUser.getPermissionSets().contains(value)) {
									hasPermissions = false;
									break;
								}
							}
							if (!hasPermissions) {
								if (sysUser.isAdmin()) {
									hasPermissions = true;
								}
							}
						} else {
							hasPermissions = false;
							for (String value : values) {
								if (sysUser.getPermissionSets().contains(value)) {
									hasPermissions = true;
									break;
								}
							}
						}
						if (!hasPermissions) {
							if (sysUser.isAdmin()) {
								hasPermissions = true;
							}
						}
					}
				}
			} catch (Exception e) {
				e.printStackTrace();
			}
		}
		if (hasPermissions) {
			inv.invoke();
		}
	}
}
